Search Results for: SYN packets

Basic Networking Part 2 — What Are Data Packets?

Introduction

Packets are involved in everything you do on the Internet. A packet is the basic unit of communication over a computer network: every Web page you receive and every e-mail you write is made up of packets. Packet-switched networks are networks that transport data in small packets.


What is a Packet?

On the Internet, an e-mail message is broken down into chunks of a specified size. These are the individual packets. Each packet carries information that helps it reach its destination, such as the sender’s IP address, the intended receiver’s IP address, and a number that tells the network how many packets this e-mail message has been broken into. The packets are carried by the Internet’s protocols, Transmission Control Protocol/Internet Protocol (TCP/IP), and each one contains a portion of your message’s body. A packet is typically 1,000 to 1,500 bytes.

Each packet is then sent to its destination through the best available route, which may or may not be shared by the other packets in the message. This improves the network’s efficiency in two ways. First, the network can balance the load across several pieces of equipment millisecond by millisecond. Second, if a piece of network equipment fails while a message is being sent, packets can be routed around the fault, so the complete message is still delivered.

Data Packet Structure

Most network packets are split into three parts:

Header – The header contains information about the data that the packet carries. It may include the following:

  • The length of the packet (some networks have fixed-length packets, while others rely on the header to contain this information).
  • Synchronization (a few bits that help the packet match up to the network).
  • Packet number (which packet this is in a sequence of packets).
  • Protocol (on networks that carry multiple types of information, the protocol defines what type of packet is being transmitted: e-mail, Web page, streaming video, etc.).
  • Destination address (where the packet is going).
  • Originating address (where the packet came from).
  • Other technical data.

Payload – Also known as a packet’s body or data. This is the data that the packet is sending to its intended destination. If the payload of a packet is fixed-length, it may be padded with blank data to make it the proper size.

Trailer – The trailer, also known as the footer, usually contains a handful of bits that tell the receiving device that the packet has ended. It may also include some form of error detection; the most common type used in packets is the Cyclic Redundancy Check (CRC).

A CRC is an error-detection check. In some computer networks it works like this: the sender adds up all the 1s in the payload and stores the result in the trailer as a hexadecimal value. The receiving device adds up the 1s in the payload and compares its result to the value in the trailer. If the values match, the packet is valid; if they do not match, the receiving party is notified that the packet was damaged.

Conclusion

Consider how an e-mail message might be divided into packets. Assume you’re sending an e-mail to a friend and the e-mail is approximately 3,500 bits (3.5 kilobits) in size. You’re sending it across a network that uses 1,024-bit (1 kilobit) fixed-length packets. Each packet contains a 96-bit header and a 32-bit trailer, leaving 896 bits for the content. Dividing 3,500 by 896 shows that four packets are required to carry the message: the payload will be 896 bits in three of the packets and 812 bits in the fourth. The contents of one of the four packets would be as follows:

The proper protocols, as well as the originating address, will be included in the header of each packet.
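As an added illustration (not code from the original post), here is a small Python model of the packet layout and the worked e-mail example: a 96-bit header, a fixed 896-bit payload padded with zeros, and a 32-bit trailer used for error detection. The header field split and the use of CRC-32 (via zlib) in the trailer are assumptions made for this example.

```python
import math
import socket
import struct
import zlib

# Sizes from the article's worked example: 1,024-bit packets with a 96-bit header
# and a 32-bit trailer. The field layout inside the header is an assumption.
PACKET_BITS, HEADER_BITS, TRAILER_BITS = 1024, 96, 32
PAYLOAD_BITS = PACKET_BITS - HEADER_BITS - TRAILER_BITS      # 896 bits

# 96-bit header: 4-byte source IP, 4-byte destination IP, 2-byte sequence number,
# 1-byte total packet count, 1-byte number of real (unpadded) payload bytes.
HEADER_FMT = "!4s4sHBB"
PAYLOAD_BYTES = PAYLOAD_BITS // 8                            # 112 bytes
TRAILER_BYTES = TRAILER_BITS // 8                            # 4 bytes of CRC-32


def packet_plan(message_bits, payload_bits=PAYLOAD_BITS):
    """Return (number of packets needed, payload bits carried by the last packet)."""
    count = math.ceil(message_bits / payload_bits)
    return count, message_bits - (count - 1) * payload_bits


def build_packets(src_ip, dst_ip, message):
    """Split a message into fixed-length packets: header + padded payload + CRC trailer."""
    total = math.ceil(len(message) / PAYLOAD_BYTES)
    src, dst = socket.inet_aton(src_ip), socket.inet_aton(dst_ip)
    packets = []
    for seq in range(total):
        chunk = message[seq * PAYLOAD_BYTES:(seq + 1) * PAYLOAD_BYTES]
        header = struct.pack(HEADER_FMT, src, dst, seq, total, len(chunk))
        body = chunk.ljust(PAYLOAD_BYTES, b"\x00")              # pad short payloads
        trailer = struct.pack("!I", zlib.crc32(header + body))  # error-detection trailer
        packets.append(header + body + trailer)
    return packets


def parse_packet(packet):
    """Recompute the CRC over header+payload; return (seq, total, payload) or None if damaged."""
    hlen = struct.calcsize(HEADER_FMT)
    header, body, trailer = packet[:hlen], packet[hlen:-TRAILER_BYTES], packet[-TRAILER_BYTES:]
    if zlib.crc32(header + body) != struct.unpack("!I", trailer)[0]:
        return None                                             # trailer mismatch: discard
    _src, _dst, seq, total, used = struct.unpack(HEADER_FMT, header)
    return seq, total, body[:used]


def reassemble(packets):
    """Rebuild the message from packets arriving in any order; None if any is missing or bad."""
    parts, total = {}, None
    for packet in packets:
        parsed = parse_packet(packet)
        if parsed is None:
            continue
        seq, total, payload = parsed
        parts[seq] = payload
    if total is None or len(parts) != total:
        return None
    return b"".join(parts[i] for i in range(total))


if __name__ == "__main__":
    msg = bytes(range(256)) + bytes(range(181))          # constructed 437-byte message
    pkts = build_packets("192.0.2.10", "192.0.2.20", msg)
    print(packet_plan(3500), len(pkts), reassemble(pkts) == msg)
```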

Hping3 — Network Auditing, DOS and DDOS

Hping3 is a command-line tool that allows us to analyze TCP/IP traffic on a network. Hping3 can also craft its own network packets, which is very useful to pentesters for device and service discovery, and which can be misused for illegal actions such as a Denial-of-Service (DoS) attack.


Hping3 comes pre-installed with Kali Linux. It is very useful for testing a network.

Key Features of Hping3

  1. Host discovery on a network.
  2. Fingerprinting host devices to determine services.
  3. Sniffing network traffic.
  4. Denial of Service (DoS).
  5. File Transfer.

Host Discovery on a Network

In the real world many servers and devices have ICMP responses disabled for security reasons. We can use Hping3 to probe a port on a target system and force the target to respond.

First we use the ping utility to send an echo request to a server on our local network.


In the screenshot above we can see that we receive no response from the target. A novice might assume the target is offline and move on.

If we use Hping3 to probe a specific port with SYN packets, the target is forced to reveal itself.

sudo hping3 -S 192.168.225.48 -p 80 -c 2

Here -S sends SYN packets, -p 80 specifies port 80, and -c 2 limits the probe to two packets. After running the command we got the response shown in the screenshot:


In the screenshot above we can see that we received replies from our target. This means the target is up and the probed port is open.

Sending Files using Hping3

We can also send files using hping3. As an example, we send a text file from our Linux Mint virtual machine to our host Kali Linux machine. First we start a listener on the machine that should receive the file, using the following command:

sudo hping3 -1 192.168.225.29 -9 signature -I wlan0

Here the -1 flag selects ICMP mode and the IP address is the sender’s IP. The -9 flag starts the listener, with “signature” as the marker string it waits for, and -I selects the network interface. The listener then starts, as we can see in the following screenshot:


With the listener running we can send the file from the other machine using the following command:

sudo hping3 -1 192.168.225.29 -e signature -E hping3.txt -d 2000

Here the -e flag sets the signature, the -E flag gives the file whose data is sent, and -d sets the size of the data.

The following screen recording shows how it works.
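From a defender’s viewpoint, the transfer above leaves a clear footprint: ICMP echo requests far larger than a normal ping. The following added example (not part of the original post) flags oversized echo requests in constructed tcpdump-style lines; the 128-byte threshold and the exact line format are assumptions.

```python
import re
from collections import defaultdict

# tcpdump-style ICMP lines; "length" is taken as the ICMP length tcpdump prints (data plus
# the 8-byte ICMP header), so a 2000-byte hping3 payload appears as length 2008.
# All sample lines are constructed for this example.
ICMP_RE = re.compile(
    r"^(?P<ts>\S+) IP (?P<src>[\d.]+) > (?P<dst>[\d.]+): ICMP echo (?P<kind>request|reply),"
    r" id (?P<id>\d+), seq (?P<seq>\d+), length (?P<len>\d+)"
)


def oversized_icmp(lines, max_len=128):
    """Return {(src, dst): [lengths]} for echo requests bigger than max_len bytes.
    A stock ping carries 56 data bytes (length 64); max_len is an assumed site threshold."""
    hits = defaultdict(list)
    for line in lines:
        m = ICMP_RE.match(line)
        if m and m["kind"] == "request" and int(m["len"]) > max_len:
            hits[(m["src"], m["dst"])].append(int(m["len"]))
    return dict(hits)


SAMPLE = [
    "12:00:00.000100 IP 192.168.225.29 > 192.168.225.48: ICMP echo request, id 4321, seq 1, length 64",
    "12:00:00.000300 IP 192.168.225.48 > 192.168.225.29: ICMP echo reply, id 4321, seq 1, length 64",
    "12:00:01.000100 IP 192.168.225.29 > 192.168.225.48: ICMP echo request, id 4321, seq 2, length 64",
] + [
    # five back-to-back 2000-byte echo requests, the shape of an ICMP file transfer
    f"12:00:10.{i * 1000:06d} IP 10.0.0.7 > 192.168.225.29: ICMP echo request, id 9999, seq {i}, length 2008"
    for i in range(1, 6)
]

if __name__ == "__main__":
    for (src, dst), lengths in oversized_icmp(SAMPLE).items():
        print(f"{src} -> {dst}: {len(lengths)} oversized echo requests, max {max(lengths)} bytes")
```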

Sniffing Network Traffic using Hping3

We can also use hping3 as a network packet sniffer. Here too we use hping3’s listen mode to intercept and save all traffic passing through our machine’s network interface.

First we need to enable this by uncommenting the following line

net.ipv4.conf.all.accept_redirects = 0

in the /etc/sysctl.conf file, as shown in the following screenshot:


For example, to intercept all traffic containing the HTTP signature we can run the following command:

sudo hping3 -9 HTTP -I wlan0

In the following screenshot we can see the output.


In the screenshot above we can see that hping3 is capturing packets on the wlan0 network interface.

Denial of Service (DOS) using Hping3

We can perform a denial of service (DoS) attack, specifically a SYN flood, using hping3. A simple command looks like the following:

sudo hping3 -S --flood -V www.examplesite.com

Here -S indicates that we are sending SYN packets, --flood sends packets as fast as possible, and -V enables verbose output.

We can also do this better using some advanced features.

sudo hping3 -c 20000 -d 120 -S -w 64 -p TARGET_PORT --flood --rand-source TARGET_SITE

Here the -c flag sets the packet count (we can raise or lower it as required), -d sets the size of the data, -w sets the TCP window size, -p specifies the destination port, and --rand-source randomizes the source address.

This is how we can use hping3 on our Kali Linux system. We can read more about hping3 here. Hping3 is a great utility for testing a network, and it is also very popular.

Disclaimer: This tutorial is for educational purposes. Attacking other people’s devices is a criminal offense, which we do not support; this article is for spreading cybersecurity awareness. Anyone who does anything illegal is solely responsible for it.

Love our articles? Make sure to follow us on Twitter and GitHub, where we post article updates. To join our KaliLinuxIn family, join our Telegram Group. We are trying to build a community for Linux and cybersecurity. We are always happy to help everyone in the comment section, which is open to everyone. We read each and every comment and we always reply.

What is a DOS Attack Denial of Service

After a short period of decline in incidents, denial of service (DoS) and distributed denial of service (DDoS) attacks have become rampant once more. Whenever there is a major internet security incident, it mostly means that a DDoS attack occurred. These cybercriminals often target websites, personal accounts, servers, and other services to overload their internet…

The post What is a DOS Attack Denial of Service appeared first on Cybersecurity Exchange.

What is Network Security

What Is Network Security? Network security covers many technologies, devices, and processes. It refers to a set of rules and configurations designed to protect the integrity, confidentiality, and accessibility of computer networks and data. Sound network security controls are recommended for organizations to reduce the risk of an attack or data breach. These measures also…

The post What is Network Security appeared first on Cybersecurity Exchange.

What is Penetration Testing

Is your organization equipped to defend against the increasing number of cyberattacks? Penetration testing is one of the best ways to evaluate your organization’s IT and security infrastructure as it identifies vulnerabilities in networks and systems. Unpatched vulnerabilities are an open invitation to cybercriminals. The National Institute of Standards and Technology discovered 4,068 high-risk vulnerabilities…

The post What is Penetration Testing appeared first on Cybersecurity Exchange.

Enhancing Network Security: How IDS Systems Can Protect Against Cyber Attacks.

| Priyanka Kulkarni Joshi | Network Security | Intrusion Detection Systems (IDS) are an emerging solution for protecting data and safeguarding enterprises from a variety of cyberattacks. Modern IDS systems have serious privacy issues, trigger a large volume of noise and false-positive alerts, and do not do enough to track suspicious activity in networks. The…

The post Enhancing Network Security: How IDS Systems Can Protect Against Cyber Attacks. appeared first on Cybersecurity Exchange.

CertMaster Real Exam LPI 701–100 (124 QA)

August 7, 2023 Buy CertMaster Real Exam LPI 701–100 (124 QA) : $ 69 VCE + Test Engine : $ 69 Contact [email protected] Cert Master Real Exam LPI 701–100: The Ultimate Document to Ace DevOps Tools Engineer Certification Aspiring professionals seeking to excel in the DevOps domain can now rely on Cert Master Real Exam LPI 701–100 as the …


100 Top Hacking Tools and Ethical Hacking Tools | Download Them Here!

Ethical hacking (also called white-hat hacking) is a type of hacking in which the hacker has good intentions and the full permission of the target of their attacks. Ethical hacking can help organizations find and fix security vulnerabilities before real attackers can exploit them.

The post 100 Top Hacking Tools and Ethical Hacking Tools | Download Them Here! appeared first on Cybersecurity Exchange.

Unicornscan — Total Guide for Beginner

There are lots of scanning tools used by cybersecurity professionals. Nmap is arguably the most famous scanning tool, but it is very slow. There are many other useful scanners: Masscan is the fastest port scanner in the world, but it is not very accurate.

If we need a scanner that is fast enough and still gives reliable results, we can choose Unicornscan. Unicornscan comes pre-installed with Kali Linux.

Unicornscan is an asynchronous scanner (unlike Nmap, which is synchronous). That is why it is faster.


Unicornscan was designed to provide an engine that is Scalable, Accurate, Flexible, and Efficient. It is released for the community to use under the terms of the GPL license.

Key-Features of Unicornscan

Unicornscan is an attempt at a User-land Distributed TCP/IP stack. It is intended to provide a researcher a superior interface for introducing a stimulus into and measuring a response from a TCP/IP enabled device or network. Although it currently has hundreds of individual features, a main set of abilities include:

  • Asynchronous stateless TCP scanning with all variations of TCP Flags.
  • Asynchronous stateless TCP banner grabbing
  • Asynchronous protocol specific UDP Scanning (sending enough of a signature to elicit a response).
  • Active and Passive remote OS, application, and component identification by analyzing responses.
  • PCAP file logging and filtering.
  • Relational database output.
  • Custom module support.
  • Customized data-set views.
  • Has its own TCP/IP stack, a distinguishing feature that sets it apart from other port scanners.

Scanning With Unicornscan

Because Unicornscan comes built into Kali Linux we don’t need to install it. If we do need to install it, we can use the following command:

sudo apt-get install unicornscan

First we start with a basic scan, using the following command:

sudo unicornscan 192.168.112.57

The output of the command is shown in the following screenshot:


Here we have run unicornscan against a Metasploitable2 machine, and we can see that the normal scan has listed all the open TCP ports of the host. It is similar to the -sS scan in Nmap.

To run a basic scan against multiple hosts with unicornscan we can use the following command:

sudo unicornscan 192.168.112.57 192.168.102.100

In this case we run the scan command with two hosts separated by a space.

We can also run it against live websites. Here we want unicornscan to send 30 packets per second, so we use the -r30 flag, and we are looking for TCP ports, so we use -mT (T is for TCP). The command is as follows:

sudo unicornscan -r30 -mT adaptercart.com

And we got the result we wanted, as we can see in the following screenshot:


In the above screenshot we can see that unicornscan scans the website’s TCP ports.

We have seen that unicornscan scans TCP ports with the -mT flag; to scan UDP ports we use -mU instead. Noting the similarity makes it easy to remember. The command is as follows:

sudo unicornscan -r300 -mU 192.168.112.57

The screenshot follows:


In the above screenshot we can see that we got UDP ports only from the hosts.

We can save the scan result in a PCAP file using the following command:

sudo unicornscan -r300 -mU 192.168.112.57 -w udpports.pcap

With the -w flag in the above command we save the scan result in a PCAP file. We can choose any name; here we chose “udpports”. The file is saved in our home directory, as we can see in the following screenshot:


These are the basic uses of Unicornscan. To learn about more advanced scans we can see Unicornscan’s help menu with the following command:

sudo unicornscan -h

This is how we can scan a host or a website using Unicornscan on our Kali Linux system.


Masscan — 1000 Times Faster Than NMAP

Masscan is the fastest network port scanner. It can scan the whole internet in under 6 minutes, transmitting 25 million packets per second. Is it faster than the Flash?


This fastest port scanner gives output like nmap, but internally masscan works like unicornscan and Zenmap (asynchronous scanning). It is faster because of its flexibility, allowing arbitrary address ranges and port ranges.

Masscan uses its own custom TCP/IP stack. Anything other than a simple port scan may conflict with the local TCP/IP stack.

We will discuss later the differences between masscan and nmap, now let’s check how to install and use masscan in our system.

Installing Masscan

Masscan comes pre-installed with the full version of Kali Linux. We can check its basic usage by simply entering the following command:

masscan

If our system doesn’t have masscan we need to install it. Before installing it we install its dependencies using the following command:

sudo apt-get install clang git gcc make libpcap-dev

Then we can install it with the following command:

sudo apt-get install masscan

The dependencies are not required to install it, but they help masscan work properly. We can also install it from its GitHub repository with the following commands:

git clone https://github.com/robertdavidgraham/masscan
cd masscan 
sudo make

Uses of Masscan

Masscan is used to scan a network. To scan a single port we can run the following command:

sudo masscan 172.217.167.46 -p443

This will scan for a single port 443.

We can also scan multiple ports separated by commas (,). For example:

sudo masscan 172.217.167.46 -p443,80,4444

To scan a range of ports we can use the following command:

sudo masscan 172.217.167.46 -p12-443

The above command will scan for port 12 to port 443 on our given IP address.

So if we need to check all the ports we can use the following command:

sudo masscan 172.217.167.46 -p0-65535

Port numbers are limited to the range 0 to 65535, so the above command checks every port.

Lightning Speed!

We said that masscan is the fastest scanner, but after running the previous commands we didn’t feel that it was faster.

The reason is that by default masscan scans at 100 packets/sec, which is slow. To increase it we need to use the --rate flag.

sudo masscan 172.217.167.46 -p0-65535 --rate 25000000

With the above command we can reach the fastest speed (25 million packets/sec).

One more thing: we can’t reach the maximum speed on Mac, Windows or virtualized Linux systems. Masscan works best on Linux installed directly on the hardware. On other systems we get only about 300,000 packets/sec, which is still very fast, but a native Linux system gives the maximum speed.

To scan faster we also need a very good internet connection. Often masscan could reach its highest speed but our internet connection cannot send 25 million packets per second. Even so, the speed we got was faster than any other port scanner.

To see the speed difference we should scan a bigger network. On small networks or a single IP we can’t see the speed, because scanning a small network takes only a few seconds. Let’s talk about that.

Masscan can scan the entire internet in 6 minutes according to its author Robert Graham. If we want to scan the whole internet for a specific port (port 443, for example) we can use the following command:

sudo masscan 0.0.0.0/0 -p443 --rate 250000000 --exclude 255.255.255.255

This command scans the whole internet for port 443 and shows the results as fast as possible. Here we stopped the scan; we can see the screenshot.


This is how we can find a specific or vulnerable port all over the internet.

Some More Uses

To save the output in a file we can use the following command:

sudo masscan 172.217.167.46 -p0-65535 > example.txt

Besides txt, we can also save the results in XML (-oX), grepable (-oG) and JSON (-oJ) formats. We like the grepable format because its output can be fed to other tools.

We can also scan a network for the top ports: if we pass --top-ports 100, it scans the 100 most common ports according to nmap. We can choose our own number of top ports; an example follows (this one scans the top 100 ports):

sudo masscan 172.217.167.46 --top-ports 100 --rate 100000

Masscan has a pause function: we can pause the scanning process and resume it when needed, which we found useful when scanning a large network. During the scan we can press CTRL+C; after a few seconds it pauses and saves a paused.conf file that holds all the settings and progress of the scan. We can resume the scan with the following command:

sudo masscan --resume paused.conf

Nmap vs Masscan

In this article we have learned that masscan has very good features and output that looks like nmap’s, but there are many differences between them:

  • Nmap uses synchronous scanning, which is very slow but accurate, while masscan uses asynchronous scanning, which is very fast but not as accurate.
  • Masscan doesn’t check whether the host is up; it always treats the host as online, whereas nmap always checks whether the host is up or down.
  • Masscan never resolves domain names to IP addresses. We need to find the IP address manually and give it to masscan, whereas nmap works fine with both IP addresses and domain names.
  • We always need to specify ports with masscan.

To know more about nmap vs masscan we can check this article.

There are also some similarities between nmap and masscan: masscan has some nmap-compatible settings/flags. To check them we can run the masscan --nmap command.
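The asynchronous SYN scanning described for unicornscan and masscan, and the hping3 SYN flood with --rand-source covered earlier on this page, both appear on the wire as bursts of bare SYN segments, so one detector serves both. This added example (not code from any of the tools or from the original posts) buckets SYNs from constructed tcpdump-style lines by destination host and one-second window and labels each bucket as a flood, a scan or normal; the thresholds and the line format are assumptions.

```python
import re
from collections import defaultdict

# tcpdump-style TCP lines; every sample line below is constructed for this example.
TCP_RE = re.compile(
    r"^(?P<ts>\d\d:\d\d:\d\d\.\d+) IP (?P<src>[\d.]+)\.(?P<sport>\d+) > "
    r"(?P<dst>[\d.]+)\.(?P<dport>\d+): Flags \[(?P<flags>[A-Z.]+)\]"
)


def parse_tcp_line(line):
    """Return (seconds since midnight, src, dst, dport, flags) or None if not a TCP line."""
    m = TCP_RE.match(line)
    if not m:
        return None
    h, mi, s = m["ts"].split(":")
    return int(h) * 3600 + int(mi) * 60 + float(s), m["src"], m["dst"], int(m["dport"]), m["flags"]


def classify_syn_traffic(lines, window=1.0, min_syns=20, min_sources=10, min_ports=20):
    """Bucket bare SYNs per destination host and time window and label each bucket:
    'flood'  = many SYNs from many sources to one port (hping3 --flood --rand-source),
    'scan'   = one source probing many ports (an asynchronous SYN scan),
    'normal' = everything else, e.g. a couple of hping3 -S probes. Thresholds are assumed."""
    buckets = defaultdict(list)                       # (dst, window index) -> [(src, dport)]
    for line in lines:
        parsed = parse_tcp_line(line)
        if parsed and parsed[4] == "S":               # SYN only: first step of a handshake
            t, src, dst, dport, _ = parsed
            buckets[(dst, int(t // window))].append((src, dport))
    verdicts = {}
    for key, hits in buckets.items():
        sources_per_port = defaultdict(set)
        ports_per_source = defaultdict(set)
        for src, dport in hits:
            sources_per_port[dport].add(src)
            ports_per_source[src].add(dport)
        if len(hits) >= min_syns and max(len(s) for s in sources_per_port.values()) >= min_sources:
            verdicts[key] = "flood"
        elif max(len(p) for p in ports_per_source.values()) >= min_ports:
            verdicts[key] = "scan"
        else:
            verdicts[key] = "normal"
    return verdicts


SAMPLE = (
    # two hping3 -S probes to port 80 and the SYN/ACK replies that show the port is open
    [
        "12:00:00.100000 IP 192.168.225.29.1234 > 192.168.225.48.80: Flags [S], seq 0, win 512, length 0",
        "12:00:00.100200 IP 192.168.225.48.80 > 192.168.225.29.1234: Flags [S.], seq 1, ack 1, win 64240, length 0",
        "12:00:00.200000 IP 192.168.225.29.1235 > 192.168.225.48.80: Flags [S], seq 0, win 512, length 0",
        "12:00:00.200200 IP 192.168.225.48.80 > 192.168.225.29.1235: Flags [S.], seq 1, ack 1, win 64240, length 0",
    ]
    # --rand-source flood: 40 spoofed sources hitting one port within a second
    + [f"12:00:05.{i * 1000:06d} IP 198.51.100.{i}.{40000 + i} > 203.0.113.10.80: Flags [S], seq 0, win 64, length 120"
       for i in range(1, 41)]
    # asynchronous SYN scan: one source sweeping 30 ports within a second
    + [f"12:00:09.{p * 1000:06d} IP 192.168.112.5.55555 > 192.168.112.57.{p}: Flags [S], seq 0, win 1024, length 0"
       for p in range(1, 31)]
)

if __name__ == "__main__":
    for (dst, w), label in sorted(classify_syn_traffic(SAMPLE).items()):
        print(f"{dst} window {w}: {label}")
```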

Masscan Web UI

The Offensive Security team has created a web interface for masscan, so we can use masscan from an easy web-based GUI. Here is the full guide from Offensive Security.

Image copyright Offensive Security.

That’s all about masscan.
